Google Summer of Code 2015

[psiinon]

Its that time of year again :D
Hopefully I wont have to tell you all how much benefit we've gained from GSoC projects in the past - some of the key ZAP features have come from such projects.

So .. what projects should we propose this year?

Some initial suggestions:

• Detecting modern web app vulnerabilities (run ZAP against apps like Hackazon and Juice Shop, document what it doesnt find and change it so it finds as much as possible)
• Repeatable scans (make it easy to rerun scans and compare results)
  
• Zest text representation and parser
• Form management (show user all forms, allow them to specify defaults) - maybe not enough in this?
• Advanced report designer (again:/)
• Swing GUI Unit test framework

Also please let me know if you're interested in mentoring a GSoC project.

Last years suggestions are here: https://www.owasp.org/index.php/GSoC2014_Ideas

And this years list is here: https://www.owasp.org/index.php/GSoC2015_Ideas

Cheers,

Simon

[kingthorin+owaspzap]

I think I'd like to nominate https://code.google.com/p/zaproxy/issues/detail?id=9 as a GSoC candidate project.

[psiinon]

I hadnt thought of things like that, but yeah, thats a good one, and there may well be other similar issues which would be good candidates.

[psiinon]

Unfortunately neither OWASP not Mozilla were accepted as GSoC mentoring organizations this year :(

The good news is that this means there are even more fun projects available for students who would like to work on ZAP as part of their courses, and anyone else for that matter!

So if you'd like to work on ZAP in any capacity then please get in touch!

Simon

[Sam Hakim]

Hello,

What is the implementation status of the advanced report designer?  Has some work been done on that which I can pick up?

I am looking to improve reporting capabilities.

Thanks

[psiinon]

Hey Sam,

That definitely needs more work!
I'll email you directly, as it would be great if you could take this on :)

Many thanks,

Simon